Feel free to contact us:(+48) 22 113 14 51

Liability for false invoices issued by employees – when a thief walks through an open door

Until recently, court rulings on who bears responsibility for issuing false invoices have been inconsistent. Is it the employee who issued the fraudulent invoices or the employer, who was unaware of the dishonest activity and did not consent to it?
Author:
Dominika Gruszka
Junior TAX Consultant
Łukasz Kempa
Head of Tax Advisory, Tax Advisor

This uncertainty was expected to be resolved by a preliminary ruling from the Court of Justice of the European Union (CJEU), following a question referred by Poland's Supreme Administrative Court (NSA). However, the NSA's judgment from September 3, 2024, raises new questions about where an employer's duty of care in monitoring employees' actions begins and ends.

False invoices – a dispute over liability

The debate over this issue has been ongoing for some time. In May 2022, the NSA referred a question to the CJEU for a preliminary ruling. In January 2023, the CJEU responded, stating that "in a situation where an employee of a VAT taxpayer issued a false invoice showing VAT, using the taxpayer's identity without their knowledge or consent, the employee should be considered the party showing VAT under Article 203, unless the taxpayer failed to exercise the reasonable due diligence required to monitor the actions of said employee."

In other words, the taxpayer will not be liable for the VAT as long as they exercised due diligence in supervising their employees. Notably, the court emphasized that the due diligence must be "reasonably required." This raises a key question: where is the line drawn between failing to exercise due diligence and adhering to it in a "reasonably required" manner?

The Supreme Administrative Court Judgment

The Supreme Administrative Court (Polish: NSA) recognized a lack of clarity in this standard and addressed it in its September 3, 2024 judgment. The court ruled that an employer must exercise due diligence in supervising employees who issue VAT invoices. Otherwise, the employer may be held liable for VAT arising from those invoices

The case in question involved a company (a registered VAT taxpayer), where an employee had issued approximately 1,600 false invoices over several years. Over time, she also involved other colleagues in the fraudulent scheme, who benefited from it as well. According to the NSA, the company had failed to exercise due diligence, as it had not monitored the employee's computer, which was used to issue the invoices. The court emphasized that a taxpayer should establish a system to monitor the integrity of this process, either through internal controls, a specialized employee, or an external entity with expertise in this area. Therefore, it is crucial not to neglect the development and implementation of appropriate control procedures that could deter employees from engaging in fraudulent activities or at least help detect them sooner.

The fact that other employees eventually joined the scheme suggests they felt confident the oversight was inadequate, and the crime would go undetected. In its oral reasoning, the NSA further stressed that while a dishonest employee may always find an opportunity to commit fraud, a proper monitoring system can help prevent or expedite the discovery of such activities.

Moreover, the NSA compared the situation to home insurance, stating that neglecting proper oversight is like leaving the door open for a thief – in such a case, one cannot expect to claim compensation, as due diligence was not observed. However, if the house is adequately secured (i.e., due diligence was exercised), the insurance company has no reason to withhold compensation.

Although the NSA’s ruling has sparked debate, it highlights the importance of evaluating your company's system for monitoring employees who issue invoices. If the system lacks the measures and safeguards that the courts noted in this case, it may not provide the desired level of protection.

Skrócony formularz EN
Order online advice

Pursuant to the Personal Data Protection Act of 29 August 1997 (Journal of Laws Dz.U. 2016 item 922, as amended), I consent to receive commercial and marketing information from KR Group sp. z o.o. sp. k. with its registered office at ul. Skaryszewska 7, 03-802 Warsaw, and to introduction into the database and processing by KR Group sp. z o.o. sp. k. of my personal data provided in this form. I also acknowledge that my consent is voluntary and that I have the right to review, correct or remove my data.

usersearthmagnifiercrossmenuarrow-right